Zentyal OpenVPN with Username and Password

[MrGoodBytes]

Hello,

I've recently installed Zentyal Server (Community Edition) to act as a VPN Gateway for my network.

I selected Zentyal because (a) It works on Hyper-V, and (b) it claimed to support OpenVPN.

However, I've run into a problem. I need the Zentyal server to connect as a client to an OpenVPN server using a Username and Password. From what I can see, there is no option for this at all.

I am trying to transpose instructions for PfSense to Zentyal to establish my connection.

With PfSense, the OpenVPN VPN Setup would be:
 1. Access the VPN tab at the top.
 2. Select the Client tab within the OpenVPN settings.
 3. Make sure Disable this client is not selected.
 4. Set the Server Mode to Peer to Peer (SSL/TLS).
 5. Set the Protocol to UDP.
 6. Set the Device mode to tun.
 7. Set the Interface to WAN.
 8. Leave the Local Port blank.
 9. Set the Server host or address to [ADDRESS].
10. Set the Server port to 1194.
11. Leave all Proxy fields blank.
12. Set the Server host name resolution to Infinitely resolve server.
13. Set the Description.
14. Set the Peer Certificate Authority to OpenVPN.
15. Set the Client Certificate to webConfigurator default.
16. Set the Encryption algorithm to BF-CBC (128-bit).
17. Set the Hardware Crypto to No Hardware Crypto Acceleration.
18. Leave all the Tunnel Settings blank.
19. Add the following settings in the Advanced configuration:
      nobind
      auth-user-pass /etc/openvpn-password.txt
      comp-lzo
      ca /etc/ca.crt
20. Login to the pfSense router by shell.
21. Create a file called /etc/openvpn-password.txt with the following:
      username
      password
22. Copy the ca.crt file into your /etc/ folder.

Can anyone offer the Zentyal method to do this?

[robb]

Zentyal implementation of OpenVPN uses certificates and there is no option to simpy use username/password.
If you _must_ use username/password, you will have to change the OpenVPN mason template that generates the config file.

[Paulxx]

Like this:

First, on web panel, setup a Client VPN.

mkdir -p /etc/zentyal/stubs/openvpn
cp /usr/share/zentyal/stubs/openvpn/openvpn-client.conf.mas /etc/zentyal/stubs/openvpn

Replace the  "openvpn-client.conf.mas"  content with your existing client  "vpn.conf" content (from pfsense)
Maybe leave zentyal specific log entries etc.
Make sure there is an  "auth-user-pass /etc/openvpn/password.txt" reference in there.
"/etc/openvpn/password.txt" should have username on 1st line, password on second.
Also copy over and reference certs/keys etc or make them "inline" (inside the vpn.conf/ovpn file)
Enable Client VPN and save/restart.

[Konrad]

Hello,

I've recently installed Zentyal Server (Community Edition) to act as a VPN Gateway for my network.

I selected Zentyal because (a) It works on Hyper-V, and (b) it claimed to support OpenVPN.

However, I've run into an issue. I would like Zentyal to connect to my VPN provider as a user to an OpenVPN server using a Username and Password. From what I can see, there is no option for this at all.

I'm also trying to figure out the Zentyal way of doing this. Any hints? I won't get it to work.

[royceb]

Hello,

I've recently installed Zentyal Server (Community Edition) to act as a VPN Gateway for my network.

I selected Zentyal because (a) It works on Hyper-V, and (b) it claimed to support OpenVPN.

However, I've run into an issue. I would like Zentyal to connect to my VPN provider as a user to an OpenVPN server using a Username and Password. From what I can see, there is no option for this at all.

I'm also trying to figure out the Zentyal way of doing this. Any hints? I won't get it to work.

With Zentyal?  No.  With NethServer?  Yes.  Check out https://www.nethserver.org/ <- OpenVPN/Cert&Username & Password authentication.  You can also have fail2ban monitor it for  automated possible attack/blocking response all built in via GUI management and active forum/community development.  Read more about the VPN here https://docs.nethserver.org/en/v7/vpn.html#openvpn

[webmaster]

Hello there,

On one hand, with regards to Zentyal's OpenVPN implementation, it is correct that the Zentyal GUI doesn't provide the option to configure Zentyal-to-3rd party VPN server with user and password. You should manually configure this through the templates. Did you already try this?

On the other hand, when posting in this Forum, please keep in mind that this is a Zentyal Forum. In the same way that the help requests should be related to Zentyal, the answers should help the users to solve their issues within the limits of Zentyal.

Best regards,

[royceb]

Hello there,

On one hand, with regards to Zentyal's OpenVPN implementation, it is correct that the Zentyal GUI doesn't provide the option to configure Zentyal-to-3rd party VPN server with user and password. You should manually configure this through the templates. Did you already try this?

On the other hand, when posting in this Forum, please keep in mind that this is a Zentyal Forum. In the same way that the help requests should be related to Zentyal, the answers should help the users to solve their issues within the limits of Zentyal.

Best regards,

Lol or you could maybe reach out to me and actively develop these things. https://forum.zentyal.org/index.php?topic=34855.msg113380#new

I've been a Zentyal user since v 3.5 but all I have seen over time is depreciated modules, lack of updates/developments and no clear plan forward. Dropping down to CLI and creating custom templates just doesn't seem to cut it with an average user and I CANNOT purchase a Zentyal subscription that would allow me to do this within the GUI.